I'm told this is not a regression (eg it's known that unity does not restart after the first crash) however this is significant because when unity does not restart, that terminal just stays open right there, and while it doesn't respond to keyboard input, it does respond to mouse input, so it's possible to issue commands as the logged-in user by copy & pasting (eg, select some text, right click -> copy, right click -> paste).

So if I'm an attacker and I'm in a position to trigger a crash in compiz, the whole "restarting locked" thing seems kind of weak, because all I have to do is crash compiz... twice. Granted the unity-free UI is quite limited, maybe there's a browser open and I can access the user's email, or whatever. it's still an attack vector.